Code Review / ccsdk / distribution.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Run CCSDK dockers as non-root
[ccsdk/distribution.git] / ansible-server / src / main / Dockerfile
diff --git a/ansible-server/src/main/Dockerfile b/ansible-server/src/main/Dockerfile
index 4a9c414..7ad66d3 100644 (file)
--- a/ansible-server/src/main/Dockerfile
+++ b/ansible-server/src/main/Dockerfile
@@ -19,12 +19,19 @@ RUN apk add --no-cache curl \
     pip install --no-cache-dir -r ansible-server/requirements.txt &&\
     apk del .build-deps
 
-COPY ansible-server ansible-server
-COPY configuration/ansible.cfg /etc/ansible/ansible.cfg
+RUN addgroup -S ansible && adduser -S ansible -G ansible
+COPY --chown=ansible:ansible ansible-server ansible-server
+COPY --chown=ansible:ansible configuration/ansible.cfg /etc/ansible/ansible.cfg
+
 
 WORKDIR /opt/ansible-server
 
 RUN mkdir /opt/onap ; ln -s /opt/ansible-server /opt/onap/ccsdk
+RUN echo > /var/log/ansible-server.log
+RUN chown ansible:ansible /var/log/ansible-server.log
+
+USER ansible:ansible
+
 
 EXPOSE 8000
 
CCSDK distribution packaging (e.g. docker containers)